11/18/2015

Regulatory Fatigue Hits Financial Institutions

by Neil Farquharson

Thomson Reuters’ annual Cost Of Compliance report makes for troubling reading. Compliance officers are “experiencing regulatory fatigue and overload in the face of snowballing regulations.” Of the 600 compliance practitioners from financial services businesses who were surveyed, 70% expect regulators to increase their regulatory burden in the following twelve months. Given these expectations and the volume of regulatory change, the survey respondents are hard-pressed to maintain compliance and data security. Worse, in its most recent corporate governance survey, Thomson Reuters found that over half the surveyed organizations knew of situations where board members had left sensitive documents in public places. Other key findings regarding risk to sensitive data:

Unsecured email: 60% of organizations never or only occasionally encrypt their board communications, and only a quarter indicated that they always do so.

Mobile devices: Private computing devices are now commonly used by most board members for board communications, but only a third of them are provided by the company itself. The remaining two thirds are BYOD devices. There has been an increase in the use of these devices for board communications. 10% of organizations reported they have had a board member whose device, containing board communications, has been lost or stolen.

A third of organizations continue to print and courier materials to board members: madness in an age when email encryption can distribute sensitive board material securely. In addition, companies are not always sure that executives destroy all copies of board-related materials. This is important because companies do not routinely include paper copies of documents, or the electronic copies of them stored on BYOD devices, in litigation holds, thus opening themselves up to legal penalties. The Cost Of Compliance report states: